
User LL2 is KO for some reason o.o'' Please Help Me


  • This topic is locked
10 replies to this topic

#1 NekoxAkuma

NekoxAkuma

  • Members
  • 5 posts
  • Gender:Female

Posted 06 May 2013 - 03:07 PM

Um, hello, I'm new here. *waves*

I don't want to get in trouble by posting what it said, but I came upon RogueKiller and I used it. It says User LL2 is ko but LL1 is ok. I'm not really sure how to fix this; could someone help me please?

I don't want it to be knocked out >.< Thank you for any help you can give me ~

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.13.2
Run by Kitty at 15:41:46 on 2013-05-06
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.3849 [GMT -4:00]
.
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\atwtusb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\atwtusb.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\AtwtusbIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://live.xbox.com/en-US/Profile
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
StartupFolder: C:\Users\Kitty\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{0507E72B-41DA-4392-A02B-0DA77874249E} : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AtwtusbIcon] AtwtusbIcon.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\kgtgig9i.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\Kitty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Kitty\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-09 17:00; ascsurfingprotection@iobit.com; C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\kgtgig9i.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-17 52856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe [2013-4-9 1051088]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-1-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-30 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [2013-4-9 621008]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-19 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-1-21 2413056]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-22 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-22 701512]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-22 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-1-19 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-1-19 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-21 428136]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-11-15 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [2012-12-8 390672]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-17 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-17 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-16 1255736]
.
=============== Created Last 60 ================
.
2013-05-04 21:02:09 -------- d-----w- C:\Windows\ERUNT
2013-05-04 21:02:02 -------- d-----w- C:\JRT
2013-05-03 08:58:15 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95892633-B5A9-473D-AB2C-F6887B46033B}\mpengine.dll
2013-04-30 03:53:33 -------- d-----w- C:\Users\Kitty\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 03:52:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-04-30 03:52:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-04-24 03:46:50 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-19 09:00:51 -------- d-----w- C:\Users\Kitty\AppData\Local\Facebook
2013-04-15 05:01:58 -------- d-----w- C:\Users\Kitty\AppData\Roaming\raidcall
2013-04-15 05:01:51 -------- d-----w- C:\Program Files (x86)\RaidCall
2013-04-10 21:23:06 5664768 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-04-10 04:57:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 01:43:11 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 01:43:09 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 01:43:09 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 01:43:08 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 01:43:08 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 01:43:08 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 01:42:45 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 01:37:32 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 01:00:05 431176 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2013-04-10 01:00:00 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-04-10 01:00:00 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-04-10 00:59:59 -------- d-----w- C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-04-07 09:08:47 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared
2013-04-07 09:04:54 -------- d-----w- C:\PhSp_CS2_UE_Ret
2013-04-04 00:26:17 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-03-30 22:13:38 -------- d-----w- C:\ProgramData\Protexis64
2013-03-30 22:12:58 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2013-03-30 22:12:53 -------- d-----w- C:\ProgramData\Corel
2013-03-30 22:12:53 -------- d-----w- C:\Program Files\Common Files\Protexis
2013-03-30 22:12:00 -------- d-----w- C:\Program Files\Corel
2013-03-30 22:11:18 -------- d-----w- C:\ProgramData\Corel Painter 12
2013-03-28 00:23:51 -------- d-----w- C:\Users\Kitty\AppData\Local\Daum
2013-03-28 00:23:50 -------- d-----w- C:\Users\Kitty\AppData\Roaming\PotPlayerMini
2013-03-28 00:22:27 -------- d-----w- C:\Program Files (x86)\Daum
2013-03-20 04:22:43 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2013-03-19 01:30:24 -------- d-----w- C:\ProgramData\firebird
2013-03-19 01:30:21 -------- d-----w- C:\Users\Kitty\AppData\Roaming\Chrysanth
2013-03-19 01:30:14 -------- d-----w- C:\Program Files (x86)\Chrysanth
2013-03-15 03:15:01 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2013-03-14 11:12:04 -------- d-----w- C:\Program Files (x86)\AnvSoft
2013-03-13 06:52:32 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-10 22:03:42 -------- d-----w- C:\Program Files (x86)\CamStudio 2.7
.
==================== Find6M  ====================
.
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-14 01:23:48 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 01:23:48 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-13 06:52:52 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-03-13 06:52:52 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-03-13 06:52:52 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-03-13 06:52:52 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-03-13 06:52:52 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-03-13 06:52:52 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-13 14:16:20 0 ----a-w- C:\Windows\ativpsrm.bin
2013-02-13 01:04:50 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 01:04:50 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 00:59:19 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 00:59:18 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 00:59:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 00:59:18 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-02-13 00:59:18 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 00:59:18 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 00:59:18 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-02 04:24:48 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 04:24:46 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-02 04:24:46 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-21 09:29:48 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2013-01-21 09:29:48 338536 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2013-01-21 09:28:11 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-01-21 09:28:11 428136 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-01-21 09:28:11 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-01-20 02:59:12 8604672 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys
2013-01-20 02:57:35 91648 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys
2013-01-20 02:57:35 81920 ----a-w- C:\Windows\System32\nusb3co2.dll
2013-01-20 02:57:35 208896 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys
2013-01-17 04:27:08 52856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-01-17 04:27:08 129784 ------w- C:\Windows\SysWow64\pxafs.dll
2013-01-17 04:27:08 118520 ------w- C:\Windows\SysWow64\pxinsi64.exe
2013-01-17 04:27:08 116472 ------w- C:\Windows\SysWow64\pxcpyi64.exe
2013-01-17 04:27:08 10488 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-01-17 04:27:08 10488 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-01-17 01:53:35 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-01-17 01:53:35 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
.
============= FINISH: 15:42:26.87 ===============
 
Attached File  attach.txt   5.85KB   0 downloads

 

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 May 2013 - 07:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 NekoxAkuma

NekoxAkuma
  • Topic Starter

  • Members
  • 5 posts
  • Gender:Female

Posted 10 May 2013 - 06:11 PM

Hello ^ ^
I did as you said. I would have to run RogueKiller to see if user LL2 is still ko though.
I see it says that Java is out of date; I disabled it on all browsers I use back when it was reported as insecure.
 
 
 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Advanced SystemCare Ultimate   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 13  
 Java version out of Date!
 Adobe Flash Player 11.6.602.180  
 Mozilla Firefox 18.0.2 Firefox out of Date!
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 
 

# AdwCleaner v2.300 - Logfile created 05/10/2013 at 18:37:26
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kitty - KITTYSCOMPY
# Boot Mode : Normal
# Running from : C:\Users\Kitty\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\ProgramData\APN
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v18.0.2 (en-US)
 
File : C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\kgtgig9i.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [851 octets] - [10/05/2013 18:37:26]
 
########## EOF - C:\AdwCleaner[S1].txt - [910 octets] ##########
 
 

ComboFix 13-05-10.03 - Kitty 05/10/2013  18:49:18.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.4345 [GMT -4:00]
Running from: c:\users\Kitty\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Kitty\AppData\Local\assembly\tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-10 to 2013-05-10  )))))))))))))))))))))))))))))))
.
.
2013-05-10 22:54 . 2013-05-10 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-10 06:34 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CB67062-7ABA-44BF-A4E5-83067CFC5662}\mpengine.dll
2013-05-07 18:53 . 2013-05-07 18:53 -------- d-sh--w- c:\users\Kitty\AppData\Local\ms-drivers
2013-05-04 21:02 . 2013-05-04 21:02 -------- d-----w- c:\windows\ERUNT
2013-05-04 21:02 . 2013-05-10 22:28 -------- d-----w- C:\JRT
2013-04-30 03:53 . 2013-04-30 03:53 -------- d-----w- c:\users\Kitty\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 03:52 . 2013-04-30 03:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-04-30 03:52 . 2013-04-30 03:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-04-24 03:46 . 2013-04-24 03:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-19 09:00 . 2013-04-19 09:01 -------- d-----w- c:\users\Kitty\AppData\Local\Facebook
2013-04-16 02:58 . 2013-04-16 02:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-15 05:01 . 2013-04-15 05:01 -------- d-----w- c:\users\Kitty\AppData\Roaming\raidcall
2013-04-15 05:01 . 2013-04-18 01:38 -------- d-----w- c:\program files (x86)\RaidCall
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-10 22:38 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 06:06 . 2013-01-18 17:56 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-14 01:23 . 2013-02-13 01:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-14 01:23 . 2013-02-13 01:08 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 04:58 . 2013-01-16 23:56 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 18:50 . 2013-01-22 10:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 01:43 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 01:43 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 01:43 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 01:43 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 01:43 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 01:43 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-13 06:52 . 2013-03-13 06:52 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-03-13 06:52 . 2013-03-13 06:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-03-13 06:52 . 2013-03-13 06:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-03-13 06:52 . 2013-03-13 06:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-13 06:52 . 2013-03-13 06:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-03-13 06:52 . 2013-03-13 06:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-03-13 06:52 . 2013-03-13 06:52 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-01 03:36 . 2013-04-10 01:42 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 08:03 . 2013-02-27 08:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-27 08:03 . 2013-02-27 08:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-02-27 08:03 . 2013-02-27 08:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-02-27 08:03 . 2013-02-27 08:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-02-27 08:03 . 2013-02-27 08:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-02-27 08:03 . 2013-02-27 08:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-02-27 08:03 . 2013-02-27 08:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-02-27 08:03 . 2013-02-27 08:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-02-27 08:03 . 2013-02-27 08:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-02-27 08:03 . 2013-02-27 08:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-02-27 08:03 . 2013-02-27 08:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-02-27 08:03 . 2013-02-27 08:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-27 08:03 . 2013-02-27 08:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-02-27 08:03 . 2013-02-27 08:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-02-27 08:03 . 2013-02-27 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-02-27 08:03 . 2013-02-27 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-02-27 08:03 . 2013-02-27 08:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-02-27 08:03 . 2013-02-27 08:03 441856 ----a-w- c:\windows\system32\html.iec
2013-02-27 08:03 . 2013-02-27 08:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-02-27 08:03 . 2013-02-27 08:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-02-27 08:03 . 2013-02-27 08:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-02-27 08:03 . 2013-02-27 08:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-27 08:03 . 2013-02-27 08:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-02-27 08:03 . 2013-02-27 08:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-02-27 08:03 . 2013-02-27 08:03 235008 ----a-w- c:\windows\system32\url.dll
2013-02-27 08:03 . 2013-02-27 08:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-02-27 08:03 . 2013-02-27 08:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-02-27 08:03 . 2013-02-27 08:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-02-27 08:03 . 2013-02-27 08:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-02-27 08:03 . 2013-02-27 08:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-02-27 08:03 . 2013-02-27 08:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-27 08:03 . 2013-02-27 08:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-02-27 08:03 . 2013-02-27 08:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-02-27 08:03 . 2013-02-27 08:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-27 08:03 . 2013-02-27 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-02-27 08:03 . 2013-02-27 08:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-02-27 08:03 . 2013-02-27 08:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-02-27 08:03 . 2013-02-27 08:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-27 08:03 . 2013-02-27 08:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-02-27 08:03 . 2013-02-27 08:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-02-27 08:03 . 2013-02-27 08:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-27 08:03 . 2013-02-27 08:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-02-27 08:03 . 2013-02-27 08:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-02-27 08:03 . 2013-02-27 08:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-02-27 08:03 . 2013-02-27 08:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-02-27 08:03 . 2013-02-27 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-02-27 08:03 . 2013-02-27 08:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-02-27 08:03 . 2013-02-27 08:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-02-24 09:09 . 2013-02-24 09:09 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-02-21 10:30 . 2013-04-10 04:57 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-21 10:29 . 2013-04-10 04:57 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-21 10:29 . 2013-04-10 04:58 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-02-21 10:29 . 2013-04-10 04:57 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15 . 2013-04-10 04:58 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-02-21 10:15 . 2013-04-10 04:57 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 10:14 . 2013-04-10 04:57 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-02-21 10:14 . 2013-04-10 04:57 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-02-21 10:14 . 2013-04-10 04:57 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-21 10:14 . 2013-04-10 04:57 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-02-21 10:14 . 2013-04-10 04:57 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-21 10:14 . 2013-04-10 04:57 855552 ----a-w- c:\windows\system32\jscript.dll
2013-02-21 10:14 . 2013-04-10 04:58 526336 ----a-w- c:\windows\system32\ieui.dll
2013-02-21 10:14 . 2013-04-10 04:58 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-02-21 10:14 . 2013-04-10 04:57 2647040 ----a-w- c:\windows\system32\iertutil.dll
2013-02-21 10:14 . 2013-04-10 04:57 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-21 10:14 . 2013-04-10 04:58 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-02-21 10:14 . 2013-04-10 04:57 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-02-19 12:01 . 2013-04-10 04:58 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-19 11:42 . 2013-04-10 04:58 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-19 11:10 . 2013-04-10 04:57 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51 . 2013-04-10 04:57 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-02-18 23:37 . 2013-02-18 23:37 53248 ----a-r- c:\users\Kitty\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-02-13 01:04 . 2013-02-13 01:04 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 01:04 . 2013-02-13 01:04 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 00:59 . 2013-02-13 00:59 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 00:59 . 2013-02-13 00:59 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 00:59 . 2013-02-13 00:59 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 00:59 . 2013-02-13 00:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-02-13 00:59 . 2013-02-13 00:59 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 00:59 . 2013-02-13 00:59 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kitty\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-19 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2013-01-20 113288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-11-22 2127896]
.
c:\users\Kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2012-09-11 390672]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-17 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2013-01-17 52856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2013-01-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-01 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-01-21 2413056]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2012-10-19 581120]
S3 ALSysIO;ALSysIO;c:\users\Kitty\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2012-08-03 40432]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2013-01-20 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2013-01-20 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2013-01-21 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-01-21 428136]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-11-15 126464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 03:43 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-13 01:23]
.
2013-05-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2289822969-3142882649-34030890-1000Core.job
- c:\users\Kitty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 09:00]
.
2013-05-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2289822969-3142882649-34030890-1000UA.job
- c:\users\Kitty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 09:00]
.
2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 22:29]
.
2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 22:29]
.
2013-05-04 c:\windows\Tasks\HPCeeScheduleForKitty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-23 09:40 261624 ----a-w- c:\users\Kitty\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-23 09:40 261624 ----a-w- c:\users\Kitty\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-23 09:40 261624 ----a-w- c:\users\Kitty\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-01-17 1128448]
"AtwtusbIcon"="AtwtusbIcon.exe" [2012-09-10 3593728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\kgtgig9i.default\
FF - ExtSQL: 2013-04-09 17:00; ascsurfingprotection@iobit.com; c:\users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\kgtgig9i.default\extensions\ascsurfingprotection@iobit.com
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-48730869.sys
SafeBoot-81981764.sys
SafeBoot-IMFservice
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-05-10  19:00:28 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-10 23:00
.
Pre-Run: 560,836,251,648 bytes free
Post-Run: 560,691,437,568 bytes free
.
- - End Of File - - 92FF74DD96ED2ED19490BA11366BF7BA
 

 

 

 


Edited by NekoxAkuma, 10 May 2013 - 06:18 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:52 PM

Posted 11 May 2013 - 07:05 AM

Your logs are clean.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 13

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Why did you run the RogueKiller tool?

Any problems with this computer?

#5 NekoxAkuma


Posted 12 May 2013 - 07:32 AM

Okay, I updated Java.

I ran it because that was the original problem and I was seeing if it had been fixed, but it still says user LL2 is KO.



#6 nasdaq


Posted 12 May 2013 - 08:53 AM


Please post a fresh RogueKiller log for my review.

If you have a problem with the L2 cache then you should be experiencing some slowdown. Let me know if this is the case.


L1 - L2 Cache Memory.

http://support.gateway.com/s/tutorials/Tu_949704.shtml

Extract from the page, not all listed.

Quoted from the article.

When the processor needs information, it checks L1 cache, then L2 cache. It goes to main memory only if neither cache holds the desired information. Because L2 cache holds a large number of RAM addresses, an L2 cache failure is serious. It corrupts data, meaning that the CPU can no longer access memory reliably unless L2 cache is disabled. Disabling L2 cache causes a huge slowdown in performance. Because L2 cache is built into the CPU, an L2 cache error that's confirmed means that you need to replace your CPU.



#7 NekoxAkuma


Posted 12 May 2013 - 06:32 PM

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kitty [Admin rights]
Mode : Scan -- Date : 05/12/2013 19:31:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] e0c28ab9b24523e9917f77e473ddcebb
[BSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700275 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1434572800 | Size: 14826 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1a6b56e3b8874dbce1e7ab81e4003acf
[BSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo
 
Finished : << RKreport[1]_S_05122013_02d1931.txt >>
RKreport[1]_S_05122013_02d1931.txt

Edited by NekoxAkuma, 12 May 2013 - 06:39 PM.


#8 nasdaq


Posted 13 May 2013 - 07:15 AM

User != LL2 ... KO!

This looks like a program syntax error.

 

Any problems with this computer?



#9 NekoxAkuma


Posted 13 May 2013 - 07:30 AM

What do you mean by syntax error?

My computer seems fine, not slow, and working like it always has.

I didn't think there was anything wrong with my CPU because each core is displaying a heat reading on core temp.



#10 nasdaq


Posted 13 May 2013 - 08:46 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#11 nasdaq


Posted 19 May 2013 - 08:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



